Skip to content
MVPeopleGroup
GRC & Compliance

Risk and Compliance Officer

Arnhem, GEFreelance / ZZP (MVPeople)HybridSenioroverige

About the assignment

You join a mature organisation navigating complex regulatory landscapes (ISO 27001, NIS2, DORA). Your role bridges security and business: translating compliance requirements into actionable risk controls, monitoring the compliance posture, and reporting findings to leadership.

You'll own risk assessments, manage audit cycles, and oversee remediation tracking. You partner with security teams to embed controls into daily operations, ensuring the organisation stays ahead of regulatory change.

Your responsibilities

  • Design and maintain risk assessment frameworks aligned with ISO 27001, NIST, and sector-specific regulations
  • Conduct regular compliance audits and gap analyses against applicable standards
  • Develop and execute remediation roadmaps for identified compliance gaps
  • Monitor regulatory changes (NIS2, DORA, AI Act) and assess organisational impact
  • Prepare compliance reports and risk dashboards for executive and board-level stakeholders
  • Collaborate with security, legal, and business teams to embed controls into processes
  • Manage relationships with internal/external auditors and regulatory bodies
  • Track and report on KRIs (Key Risk Indicators) and compliance metrics

Tech Stack & Tools

Platforms & Tooling

ServiceNow GRCArcherOneTrustJiraSplunk (for audit logging)

Frameworks & Standards

ISO 27001ISO 27035NIST Cybersecurity FrameworkCIS ControlsCOBIT 2019NIS2 DirectiveDORAAI Act

Methodologies

Risk assessment methodologies (qualitative/quantitative)Audit planning and executionIncident management and root cause analysisThird-party risk assessments

Certifications (preferred)

CISA (Certified Information Systems Auditor)CRISC (Certified in Risk and Information Systems Control)CISSPCISM

Must-haves

  • 5+ years in GRC, compliance, or IT audit roles
  • Deep knowledge of ISO 27001 and NIST frameworks
  • Experience with GRC platforms (ServiceNow, Archer, or OneTrust)
  • Strong stakeholder management and reporting skills
  • Fluency in Dutch and English

Nice-to-haves

  • CISA or CRISC certification
  • Experience with NIS2, DORA, or AI Act compliance
  • Background in financial services or critical infrastructure
  • Knowledge of third-party risk management (TPRM)

What we offer

  • Shape security governance strategy at enterprise level
  • Direct influence on board-level reporting and strategy
  • Work with mature compliance infrastructure and skilled teams
  • Competitive salary with performance bonus
  • Flexible working arrangements and professional development budget
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

1

Introduction

Phone call with your MVPeople consultant (within 24 hours)

2

Match & Brief

We discuss the assignment in detail and prepare you

3

Client meeting

Introduction to the client

4

Start

Contracting and onboarding

Details

Type

Freelance / ZZP (MVPeople)

Location

Arnhem, GE

Work model

Hybrid

Level

Senior

Industry

overige

Market indication

€90 - €120 per hour

Posted

14 July 2026

Job ID

56455



Contact

Apply nowMore information
Apply now